Overview

overview

7

Static

static

3

c9e0eb921a...18.exe

windows7-x64

7

c9e0eb921a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/04/2024, 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c9e0eb921a4f4f473d7cf30d103a5b28_JaffaCakes118.exe

  • Size

    1.9MB

  • MD5

    c9e0eb921a4f4f473d7cf30d103a5b28

  • SHA1

    7fd90c058111fed7c99b066c2d9a1e6f9d3e4693

  • SHA256

    3ccc12dab568a2bc886c129cfc57c195495fd58cabafc2683695a0b00e9524da

  • SHA512

    f1d7011b206acbd5db68cd44d82872d0825187fe6664b7332f0c5fe122b76f45a1ab4f186ebf0263f69e52c4fb199a1c1d1d83fddf2d24b45a1118e0ef5ab89f

  • SSDEEP

    49152:Qoa1taC070djLtuFmNXec7U+u/Oyu9W1pg:Qoa1taC0gLtTl7E1kW1O

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c9e0eb921a4f4f473d7cf30d103a5b28_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\c9e0eb921a4f4f473d7cf30d103a5b28_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1300
    • C:\Users\Admin\AppData\Local\Temp\9212.tmp
      "C:\Users\Admin\AppData\Local\Temp\9212.tmp" --splashC:\Users\Admin\AppData\Local\Temp\c9e0eb921a4f4f473d7cf30d103a5b28_JaffaCakes118.exe AA5A728C1E307F65833034BEA52488220AE29741398E171F2CA191407BCB7780B4846A95884D892D2D3D2DBA223177AEA29486345936B768008FA60030643F26
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\9212.tmp
    Filesize

    1.9MB

    MD5

    f860ff3807eb4d921dfd5bacbce9a92c

    SHA1

    ed823da5cf4eea9a99cdb0bc536ac89c2787b91c

    SHA256

    a2c6791f4ac9cc33ebcb6acb6b01f8c19b8381ce08fde88f64839f56eef113fb

    SHA512

    7da9db6f0ef88ce3fb29dd247b043fa0377a898a6f5b92509cac4543dcdc03e025c729998b21ce0b6b9bea07797e69c44c8d0ac661bb91bb8833d93fe5ef8884

    Download Submit

  • memory/1300-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2172-6-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

    Download